On This Page

Integrating Apple Pay into Your System

This section describes how to integrate Apple Pay into your iOS app or website. The integration tasks are organized into three parts. The second part provides separate steps for the two different decryption models. The third part applies only if you will be supporting Apple Pay on the web.
You will perform the integration tasks twice: First in your test environment and, after you validate your test integration, a second time in your production environment.
  • Part 1: Set Up Your Apple Developer Account
    . You will enroll your organization in the Apple Developer Program, create an
    Apple merchant ID
    , and register it in your developer account.
  • Part 2: Create an Apple Pay Payment Processing Certificate
    . This certificate is associated with your merchant ID, and it is used by Apple Pay servers to encrypt payment data.
    • You will generate a
      certificate signing request
       (CSR) at the system that will handle Apple Pay payload decryption. For
      VDC NAB
       decryption, you will generate the CSR at the
      VDC NAB
      Gateway Portal
       user interface. For merchant decryption, you will generate the CSR at your Apple device.
    • You will upload the CSR with the public key to your Apple Developer account and use the CSR to create a
      payments processing certificate
       for your merchant ID and Apple Pay.
  • Part 3: Perform Additional Setup for Apple Pay on the Web
    . If you offer your customers Apple Pay on the web, you will create an
    Apple Pay merchant identity certificate
    , associate the certificate with your merchant ID, and register
    each merchant domain
     that will process Apple Pay transactions.
TIP
If you are integrating
Apple Pay with
VDC NAB
 decryption
 and you are experienced in creating Apple Pay payment processing certificates, you can use the Quick Integration for the VDC NAB Decryption Method instead of the detailed steps in this section.

Part 1: Set Up Your Apple Developer Account

Complete the tasks in this section to enroll your organization in the Apple Developer program and register a new Apple merchant ID.

Starting Enrollment in the Apple Developer Program

Enrolling in the Apple Developer program as an organization enables you to associate multiple developer accounts with your Apple Developer account. Multiple developer accounts can be beneficial if you have a large project with a team of developers.
For the first phase of the enrollment process, you log in to your Apple Developer account and submit information about your organization to Apple.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to start the enrollment process:
  2. Launch the Apple Developer app on your device.
  3. Click
    Account
    , and sign in with your Apple ID.
  4. If prompted, review the Apple Developer Agreement and click
    Agree
    .
  5. Click
    Enroll Now
    , review the program benefits and requirements, and then click
    Continue
    .
  6. At the prompts, enter your information as the Account Holder.
  7. At the prompts, enter information about your organization.

RESULT

After Apple verifies your information and approves your enrollment, it sends you an email that describes the next steps.

Completing Enrollment in the Apple Developer Program

When you receive your approval email from Apple, you will log in to your Apple Developer account again and complete the enrollment process.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to complete the enrollment process:
  2. Launch the Apple Developer app on the device you used to start the enrollment process.
  3. Click
    Account
     and sign in with the Apple ID you used to start the enrollment process.
  4. Click
    Continue Your Enrollment
    , review the terms of the Apple Developer Program License Agreement, and then click
    Agree
    .
  5. Review the annual membership subscription details and click
    Subscribe
    .

Registering a New Merchant ID in Your Apple Developer Account

Finish setting up your Apple Developer account by creating and registering a merchant ID for each environment. A registered merchant ID uniquely identifies you to Apple Pay as a valid entity that can accept payments.
In order to support multiple environments, such as sandbox and production, you can create multiple merchant IDs in your Apple Developer account.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to create a merchant ID and to register it in your Apple Developer account:
  2. Log in to your Apple Developer account.
  3. In the left navigation panel, select
    Certificates, Identifiers & Profiles
    .
  4. Click
    Identifiers
    .
  5. Click the plus sign (
    +
    ) on the top left.
  6. Select
    Merchant IDs
     and click
    Continue
    .
  7. Enter a merchant description and identifier name.
  8. Click
    Continue
    .
  9. Verify that you entered the merchant information correctly.
  10. Click
    Register
    .

Part 2: Create an Apple Pay Payment Processing Certificate

Complete the tasks in this section to create an Apple Pay payment processing certificate. Apple Pay servers use this certificate to encrypt payment data. Creation of an Apple Pay payment processing certificate consists of two tasks:
  • Generating a certificate signing request (CSR).
  • Using the CSR to create an Apple Pay payment processing certificate.
IMPORTANT
When you generate a CSR, the sequence of steps you will perform depends on whether you are integrating
VDC NAB
 decryption and merchant decryption.

Generating a CSR for
VDC NAB
 Decryption

IMPORTANT
These steps apply to setting up
VDC NAB
 decryption only. If you are integrating the merchant decryption model of Apple Pay into your system, follow the steps in Generating a CSR for Merchant Decryption instead.
For
VDC NAB
 decryption, you will use your
VDC NAB
 account in the
Gateway Portal
 to generate a certificate signing request (CSR). You will use the Apple Pay Registration page within the
Gateway Portal
.
If you do not have an Admin account or an account with write access, contact your Account Admin,
National Australia Bank
 sales engineer, alliance partner, or technical account manager.
  1. Follow these steps at the
    VDC NAB
    Gateway Portal
     to generate a CSR:
  2. Log in to your
    VDC NAB
     merchant account in the
    Gateway Portal
    .

    ADDITIONAL INFORMATION

    ADDITIONAL INFORMATION

  3. In the left navigation panel, select
    Payment Configuration
    .
  4. Choose
    Digital Payment Solutions
    .

    ADDITIONAL INFORMATION

    The Digital Payment Solutions page appears.
  5. Click
    Configure
     for Apple Pay.

    ADDITIONAL INFORMATION

    The Apple Pay Registration page appears.

    ADDITIONAL INFORMATION

    This image shows the Apple Pay Registration page in the
    VDC NAB
    Gateway Portal
    .

    Figure:

    Apple Pay Registration Page in the
    VDC NAB
    Gateway Portal
     Interface
    Business Center UI : Payment Configuration : Digital Payment Solutions : Apple Pay Registration (aem pdf)
  6. Enter the Apple merchant ID that you created and registered in your Apple Developer account.

    ADDITIONAL INFORMATION

    These steps are described in Registering a New Merchant ID in Your Apple Developer Account. This value should match the id you set up with Apple including the "merchant" prefix.
  7. Click
    Generate new certificate signing request
    .
  8. Click the download icon next to the key.
  9. Download the certificate request file (a file with a
    .certSigningRequest
     file extension) to your local machine.
  10. Use your browser controls to save the file to your local machine.

    ADDITIONAL INFORMATION

    In the next task, you will upload the CSR file to your Apple Developer account.

Generating a CSR for Merchant Decryption

IMPORTANT
These steps apply to setting up merchant decryption only. If you are integrating the
VDC NAB
 decryption model of Apple Pay into your system, follow the steps in Generating a CSR for VDC NAB Decryption instead.
For merchant decryption, you will use your Apple device to generate a certificate signing request (CSR).
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps at your Apple device to generate a CSR:
  2. Sign in to your Apple Developer account as the Account Holder or as an Admin and select
    Certificates, Identifiers & Profiles
    .
  3. Click
    Identifiers
     in the sidebar.
  4. Select
    Merchant IDs
     and click
    Continue
    .
  5. Under Identifiers, select
    Merchant IDs
     using the filter on the top right.
  6. On the right, select your merchant identifier.
  7. Under Apple Pay Payment Processing Certificate, click
    Create Certificate
    .

Creating a Payment Processing Certificate for Your Merchant ID

Using the certificate signing request that you just created, you will create an Apple payment processing certificate and associate the certificate with your Apple merchant ID that you created before that. Those earlier tasks are described in these topics:
Apple Pay uses the payment processing certificate to encrypt the customer's payment information. This certificate expires every 25 months. If the certificate expires or is revoked, you can recreate it.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to create a payment processing certificate for your Apple Pay merchant ID:
  2. Sign in to your Apple Developer account as the Account Holder or as an Admin and select
    Certificates, Identifiers & Profiles
    .
  3. Upload the CSR file and associate the CSR with your merchant ID.

    ADDITIONAL INFORMATION

    The CSR contains your Apple merchant ID and a public key that Apple Pay uses to encrypt sensitive payment data.
    1. Click
      Identifiers
       in the sidebar.
    2. Select
      Merchant IDs
       using the filter on the top right.
    3. On the right, select your merchant ID.

      Step Result

      If a banner at the top of the page prompts you, you need to accept an agreement. Click
      Review Agreement
       and follow the instructions that appear.
    4. Under Apple Pay Payment Processing Certificate, click
      Create Certificate
      .
  4. Create a payment processing certificate and download the certificate to your local machine.
    1. Click
      Choose File
       and select the CSR file that you uploaded.

      ADDITIONAL INFORMATION

      The CSR file has the filename extension
      .certSigningRequest
      .
    2. Click
      Choose
      .
    3. Click
      Continue
      .
    4. Click
      Download
      .

      Step Result

      The payment processing certificate (a file with the filename extension
      .cert
      ) appears in your Downloads folder.
  5. Go to the next task.

Part 3: Perform Additional Setup for Apple Pay on the Web

If you develop web pages that support Apple Pay on the Web, your customers can use Apple Pay to purchase goods and services from within your web page. You can use the same Apple Pay merchant ID and Apple Pay payment processing certificate as required for Apple Pay in-app implementations. However, Apple Pay on the Web requires additional set-up tasks that you perform in your Apple Developer account:
  • Creating an Apple Pay merchant identity certificate
  • Registering your merchant domains with Apple
If you created multiple merchant ID and payment processing certificate pairs to support multiple environments, such as sandbox and production, you must associate each ID-and-certificate pair with a unique merchant identify certificate.

Creating an Apple Pay Merchant Identity Certificate

If you offer your customers Apple Pay in a web page, you must create an Apple Pay merchant identity certificate and associate it with your merchant ID. You need this Transport Layer Security (TLS) certificate in order to authenticate your sessions with the Apple Pay servers.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to create an Apple Pay merchant identity certificate:
  2. Log in to your Apple Developer merchant account as an Account Holder or Admin.
  3. In the left navigation panel, select
    Certificates, Identifiers & Profiles
    .
  4. Perform these steps for each merchant identity certificate you need to create:
    1. Click
      Identifiers
      , and click the plus sign (
      +
      ) on the top left.
    2. Select
      Merchant IDs
       and click
      Continue
      .
    3. Enter the merchant description and identifier name, and then click
      Continue
      .
    4. Click
      Register
      .

Registering Your Merchant Domains with Apple

Each merchant domain in your organization that will process Apple Pay transactions must be registered with Apple.
IMPORTANT
When you perform tasks at the Apple Developer portal, always refer to official Apple documentation for the most up-to-date information
.
  1. Follow these steps to register your merchant domains with Apple:
  2. Log in to your Apple Developer merchant account as an Account Holder or Admin.
  3. In the left navigation panel, select
    Certificates, Identifiers & Profiles
    .
  4. Perform these steps for each merchant domain that you registered with Apple:
    1. Click
      Identifiers
      , and select
      Merchant IDs
       in the pop-up menu on the top right.
    2. On the right, select your merchant identifier.
    3. Under Merchant Domains, click
      Add Domain
      . Enter the fully qualified name of the domain and click
      Save
      .
    4. Click
      Download
      , place the downloaded file in the specified locations, and click
      Verify
      .
  5. After you add all merchant domains that will process Apple Pay transactions, click
    Done
    .

Verifying the Merchant Domains That You Registered with Apple

  1. Follow these steps to verify the merchant domains you registered with Apple:
  2. Log in to your Apple Developer merchant account as an Account Holder or Admin.
  3. In the left navigation panel, select
    Certificates, Identifiers & Profiles
    .
  4. Perform these steps for each merchant domain that you registered with Apple:
    1. Click
      Identifiers
      , and select
      Merchant IDs
       in the pop-up menu on the top right.
    2. On the right, select your merchant identifier.
    3. Under Merchant Domains, click
      Verify
       next to the domain name.
    4. Follow the instructions that appear on the screen.

RESULT

You can now proceed to Validating Your Test Integration.

Validating Your Test Integration

Before you integrate Apple Pay into your production environment, validate your test integration of Apple Pay.
  1. Follow these steps to validate the integration in your test environment:
  2. Make sure your system is prepared for end-to-end testing.

    ADDITIONAL INFORMATION

  3. Add test payment cards to the wallet of your Apple sandbox tester account.

    ADDITIONAL INFORMATION

    Instructions are provided in the
    Sandbox Testing
     page on the Apple Developer portal:
    1. Follow the steps in the
      Create a Sandbox Tester Account
       section.

      ADDITIONAL INFORMATION

      Make sure the user account has permissions to use Apple Pay. You will use this account to log in to devices and services.
    2. Follow the steps in the
      Adding a Test Card Number
       section.
  4. Using the
    REST
     API, send Apple Pay transaction requests to the test endpoints.

    ADDITIONAL INFORMATION

    Refer to the tasks in Processing Apple Pay Transactions.
  5. Adjust your integration settings as needed until your test transactions complete successfully.

RESULT

Integrating Apple Pay into Your Production Environment

After you validate Apple Pay in your test environment, you can integrate Apple Pay into your production environment.
  1. Follow these steps to integrate Apple Pay into your production environment:
  2. Use your Apple merchant ID to generate a certificate signing request (CSR) and create a
    production
     Apple Pay payment processing certificate.

    ADDITIONAL INFORMATION

  3. If you offer your customers Apple Pay on the Web, perform the additional setup steps for your production environment.

    ADDITIONAL INFORMATION

RESULT

You can now proceed to Processing Apple Pay Transactions.